Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
WilliamK
New Contributor

*SOLVED* Double IPSEC Tunnel settings for one

Hi, We' re using a Fortigate 200B and created a IPSEC route based tunnel. I have configured everything the way it has to be. The tunnel is working but when I monitor it to bring it up/down I see 2 tunnels for some reason. The second one is creating interference with the first one and I have no idea where it came from. Does anyone know how it is possible? The only thing that is different between the tunnels is the Proxy ID source. The top one is a range and the bottom one is a single IP address within that range. In the picture you can see what I can in the IPsec Monitor and the bottom part is the IKE setting, which clearly shows only the settings for one tunnel.
6 REPLIES 6
rwpatterson
Valued Contributor III

Have you rebooted since messing with the tunnel definitions? I have seen strange things happen while I was making changes to phase 2 tunnel definitions. Sometimes I would get strange results. A reboot always cleared things up. There may be some value in just resetting the tunnels (renegotiating) instead. Your mileage may vary.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
WilliamK

Hi, I rebooted the system and the second tunnel disappeared. Thank you for the reply!
oheigl
Contributor II

I guess this could be happening if you have defined a address group in the destination network in the phase2 settings. Is this the case? Can you post your phase2 configuration?
200B
New Contributor

If you can' t reboot (in production) is there a particular process that can be restarted instead?
WilliamK
New Contributor

I was able to reboot without any issues with other systems. I' m not sure if you can just restart services like you do on a server. Rebooting the firewall doesn' t take long at all.
FortiRack_Eric
New Contributor III

Don' t reboot the unit, instead: diag vpn ike restart Cheers, Eric

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Top Kudoed Authors